SQLiScanner – Automatic SQL Injection With Charles & SQLmap API

SQLiScanner is a automatic SQL injectiont tool with Charles and sqlmap api with support on Linux and osx. Following are the dependencies for this automatic injection tool.

• Django
• PostgreSQL
• Celery
• sqlmap
• redis

Also Read:Dawnscanner – Static Analysis Security Scanner

SQLiScanner Installation

It will always be best if you can download it by cloning the Git repository:

git clone https://github.com/0xbug/SQLiScanner.git –depth 1

Users also have the option to download sqlmap by cloning the Git repository:

git clone https://github.com/sqlmapproject/sqlmap.git –depth 1

It works with Python version 3.x on Linux and osx.

Create virtualenv and install requirements

cd SQLiScanner/
virtualenv –python=/usr/local/bin/python3.5 venv
source venv/bin/activate
pip install -r requirements.txt

Setting

For this tool we have mainly 2 setting like the database and sendemail settings and below we have mentioned on how to configure the 2 settings.

DATABASES Setting

SQLiScanner/settings.py:85
DATABASES = {
‘default’: {
‘ENGINE’: ‘django.db.backends.postgresql’,
‘NAME’: ”,
‘USER’: ”,
‘PASSWORD’: ”,
‘HOST’: ‘127.0.0.1’,
‘PORT’: ‘5432’,
}
}

SendEmail Setting

SQLiScanner/settings.py:158

#Email
EMAIL_BACKEND = ‘django.core.mail.backends.smtp.EmailBackend’
EMAIL_USE_TLS = False
EMAIL_HOST = ”
EMAIL_PORT = 25
EMAIL_HOST_USER = ”
EMAIL_HOST_PASSWORD = ”
DEFAULT_FROM_EMAIL = ”

scanner/tasks.py:14

class SqlScanTask(object):
def init(self, sqli_obj):
self.api_url = “http://127.0.0.1:8775”
self.mail_from = “”
self.mail_to = [“”]

Syncdb

python manage.py makemigrations scanner
python manage.py migrate

Create superuser

python manage.py createsuperuser

Run

Once you have followed and configures the setting as mentioned above you can run the below command to make sure you have everything correct and start using it.

redis-server
python sqlmapapi.py -s -p 8775
python manage.py celery worker –loglevel=info
python manage.py runserver